diff mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1349:350e903b14ff

mod_s2s_auth_dane: Comments and TODOs
author Kim Alvefur <zash@zash.se>
date Fri, 14 Mar 2014 14:23:27 +0100
parents 6191613959dc
children cda335db2cbb
line wrap: on
line diff
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Fri Mar 14 14:18:18 2014 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Fri Mar 14 14:23:27 2014 +0100
@@ -3,8 +3,18 @@
 --
 -- This file is MIT/X11 licensed.
 --
+-- In your DNS, put
+-- _xmpp-server.example.com. IN TLSA 3 0 1 <sha256 hash of certificate>
+--
+-- Known issues:
+-- Race condition
 -- Could be done much cleaner if mod_s2s was using util.async
-
+--
+-- TODO Things to test/handle:
+-- Negative or bogus answers
+-- No encryption offered
+-- Different hostname before and after STARTTLS - mod_s2s should complain
+-- Interaction with Dialback
 
 module:set_global();
 
@@ -33,12 +43,6 @@
 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE" });
 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end;
 
--- TODO Things to test/handle:
--- Negative or bogus answers
--- No SRV records
--- No encryption offered
--- Different hostname before and after STARTTLS - mod_s2s should complain
-
 local function dane_lookup(host_session, name, cb, a,b,c)
 	if host_session.dane ~= nil then return false; end
 	local ascii_host = name and idna_to_ascii(name);